This runable class is really helpful when you copy a DB between environments with different tenants, different ADFS instances or if you messed up the SIDs
using Microsoft.Dynamics.ApplicationPlatform.Environment;
class TWIXUserInfoUpdate
{
public static void main(Args _args)
{
UserInfo updateUserInfo;
NetworkDomain updatedNetworkDomain;
// Get network domain
updatedNetworkDomain = EnvironmentFactory::GetApplicationEnvironment().get_Provisioning().get_AdminIdentityProvider();
ttsbegin;
TWIXUserInfoUpdate::callInsertUpdateRelatedSkipMethods(updateUserInfo);
// Update network alias and network domain for all non admin users
update_recordset updateUserInfo
setting
networkDomain = updatedNetworkDomain,
IdentityProvider = updatedNetworkDomain
where updateUserInfo.id != 'Admin'
&& updateUserInfo.isMicrosoftAccount == 0
&& updateUserInfo.accountType == UserAccountType::ClaimsUser;
// Update SID
while select forupdate updateUserInfo
where updateUserInfo.id != 'Admin'
&& updateUserInfo.networkAlias
&& updateUserInfo.networkDomain == updatedNetworkDomain
&& updateUserInfo.isMicrosoftAccount == 0
&& updateUserInfo.accountType == UserAccountType::ClaimsUser
{
AxaptaUserManager manager = new AxaptaUserManager();
xAxaptaUserDetails userDetails =
manager.getSIDFromName(updateUserInfo.networkAlias, updatedNetworkDomain, updateUserInfo.accountType);
updateUserInfo.sid = userDetails.getUserSid(0);
updateUserInfo.update();
}
ttscommit;
}
public static void callInsertUpdateRelatedSkipMethods(Common _buffer)
{
//BP deviation documented
_buffer.skipAosValidation(true);
_buffer.skipDatabaseLog(true);
_buffer.skipDataMethods(true);
//needed in case of crossCompany
_buffer.skipEvents(true);
}
}
TECHNICAL TOPICS: MICROSOFT DYNAMICS AX & DYNAMICS 365 FOR FINANCE AND OPERATIONS - ENTERPRISE EDITION
07 December 2018
30 November 2018
D365 F&O | Sync DB timeout error
When the db sync of a D365 environment fails with a timeout error like the following:
AOS database sync failed. Microsoft.Dynamics.AX.Framework.Database.TableSyncException: Full sync did not complete successfully. Error: One or more errors occurred.
...
SqlException:Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
You should check if the environment has enough ressources. Monitor the availbale CPU, RAM and disk speed. In some cases a simple reboot might help. If you are facind this error in a VM running on your laptop assign more than one core to the VM ;)
AOS database sync failed. Microsoft.Dynamics.AX.Framework.Database.TableSyncException: Full sync did not complete successfully. Error: One or more errors occurred.
...
SqlException:Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
You should check if the environment has enough ressources. Monitor the availbale CPU, RAM and disk speed. In some cases a simple reboot might help. If you are facind this error in a VM running on your laptop assign more than one core to the VM ;)
28 November 2018
D365 F&O | Change DevOps Build Agent
When you are managing more than one Microsoft Dynamics 365 for Finance and Operations environment throught DevOps (alias VSTS) it is a good idea to seperate the build agents into different build agent pools.
Creating a new agentpool in DevOps is quite simple but how do we change the link between the VSTSAgent which is running on the D365 box and the agent pool.
First of all create an AccessToken within DevOps as shown below:
After that connect to the D365 F&O server and navigate to C:\DynamicsSDK. There you will find a file named SetupBuildAgent.ps1. Create a copy of this file and open it in your favorite editor. Here we need to change two parameters:
AgentPoolName = "YourAgentPoolName"
VSOAccessToken = "YourNewlyCreatedToken"
Creating a new agentpool in DevOps is quite simple but how do we change the link between the VSTSAgent which is running on the D365 box and the agent pool.
First of all create an AccessToken within DevOps as shown below:
AgentPoolName = "YourAgentPoolName"
VSOAccessToken = "YourNewlyCreatedToken"
After that we need a PowerShell which is running in admin mode. Execute your SetupBuildAgentXYZ.ps1 file and provide the base URL of the DevOps project collection
Finally you can check the agent pools in DevOps and you'll see that the Agent is now part of the agentPool you defined.
14 November 2018
Technical Reference Reports for Microsoft Dynamics 365 for Finance and Operations
This site provides some good technical informations regarding Microsoft Dynamics 365 for Finance and Operations
22 October 2018
D365 F&O: DB Sync - Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation
After a DB copy I tried to sync the new DB using the cmd:
Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir "K:\AOSService\PackagesLocalDirectory" -metadatadir "K:\AOSService\PackagesLocalDirectory" -sqluser "axdbadmin" -sqlserver "localhost" -sqldatabase "AxDB" -setupmode servicesync -syncmode fullall -isazuresql "false" -logfilename "C:\Temp\dbsync.log"
but this always failed with the following error message:
Microsoft.Dynamics.Ax.Xpp.ErrorException: Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation
Looking at the event log I found the corresponding info:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)
that was confusing. So it was not a wrong entry in the userInfo table. After some checks on the DB I found out that the sysglobalconfiguration was set to azuresql even though I was working with a local sql server
So after changing the configuration the DBSync was working again:
update sysglobalconfiguration
set value = 'SQLSERVER'
where name = 'BACKENDDB'
update sysglobalconfiguration
set value = 0
where name = 'TEMPTABLEINAXDB'
Microsoft.Dynamics.AX.Deployment.Setup.exe -bindir "K:\AOSService\PackagesLocalDirectory" -metadatadir "K:\AOSService\PackagesLocalDirectory" -sqluser "axdbadmin" -sqlserver "localhost" -sqldatabase "AxDB" -setupmode servicesync -syncmode fullall -isazuresql "false" -logfilename "C:\Temp\dbsync.log"
but this always failed with the following error message:
Microsoft.Dynamics.Ax.Xpp.ErrorException: Failed to create a session; confirm that the user has the proper privileges to log on to Microsoft Dynamics 365 for Finance and Operation
Looking at the event log I found the corresponding info:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)
that was confusing. So it was not a wrong entry in the userInfo table. After some checks on the DB I found out that the sysglobalconfiguration was set to azuresql even though I was working with a local sql server
So after changing the configuration the DBSync was working again:
update sysglobalconfiguration
set value = 'SQLSERVER'
where name = 'BACKENDDB'
update sysglobalconfiguration
set value = 0
where name = 'TEMPTABLEINAXDB'
01 August 2018
D365 F&O | Oh AOS why have you forbidden me
Just another great post from Tariq Bell: Thank you so much ;)
https://blogs.msdn.microsoft.com/axsa/2018/04/17/oh-aos-why-have-you-forbidden-me/
https://blogs.msdn.microsoft.com/axsa/2018/04/17/oh-aos-why-have-you-forbidden-me/
13 July 2018
D365 | on-premises SSRS error - Keyset does not exist
If the SSRS Server reports the following error in the AX-SSRSReportExtensions\Operational log it is important to check if the certificates used by the SSRS service are accesible from the service account running the SSRS service.
So first of all open the reporting service configuration manager and find out the service name. Than open certificate manager (mmc) an check the personal certificates. there you should see:
So first of all open the reporting service configuration manager and find out the service name. Than open certificate manager (mmc) an check the personal certificates. there you should see:
- ReportingService Certificate
- DataEncryptionCertificate
- DataSigningCertificate
If they are not there go to Microsoft docs and read the installation instruction for on-prem ;)
If you see these certificates right click each of them and click "All Tasks" --> "Manage Private Keys..." and add the service user with read permissions.
| message | Unable to find the EDT metadata for field Name on table DirPartyTable. |
| exceptionMessage | Exception occurred on the metadata service on client or server. See exception details below: >Keyset does not exist |
| exceptionType | Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException |
| stackTrace | Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceException:
Exception occurred on the metadata service on client or server. See exception
details below: >Keyset does not exist --->
System.Security.Cryptography.CryptographicException: Keyset does not exist
Server stack trace: at
System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters,
Boolean randomKeyContainer) at
System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType,
CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize,
SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at
System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at
System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize,
CspParameters parameters, Boolean useDefaultKeySize) at
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at
System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetAsymmetricAlgorithm(String
algorithm, Boolean privateKey) at
Microsoft.IdentityModel.CryptoUtil.GetSignatureFormatterForSha256(AsymmetricSecurityKey
key) at
Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey
signingKey) at
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature()
at
Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement()
at
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.WriteAssertion(XmlWriter
writer, Saml2Assertion data) at
Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter
writer, SecurityToken token) at
System.ServiceModel.Security.SendSecurityHeader.OnWriteHeaderContents(XmlDictionaryWriter
writer, MessageVersion messageVersion) at
System.ServiceModel.Channels.MessageHeader.WriteHeader(XmlDictionaryWriter
writer, MessageVersion messageVersion) at
System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter
writer) at
System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message,
BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota) at
System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message
message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message
message, Boolean shouldRecycleBuffer) at
System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at
System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message
message, TimeSpan timeout) at
System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan
timeout) at
System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message
message, TimeSpan timeout) at
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message,
TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]: at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg,
IMessage retMsg) at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at
Microsoft.Dynamics.AX.Framework.Services.Metadata.Service.IAxMetadataService.GetTableMetadataByName(String[]
tableNames) at
Microsoft.Dynamics.AX.Framework.Services.Client.MetadataServiceClient.<>c__DisplayClass22_0. |
21 June 2018
D365 Finance and Operations on-premises software lifecycle policy and on-premises releases
Here you can find detailed information about the current versions of Dynamics 365 for Finance and Operations on-premises. Let's hope that one day on-prem and cloud will have the same release dates.
https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/migration-upgrade/on-prem-version-update-policy?toc=/fin-and-ops/toc.json#dynamics-365-for-finance-and-operations-on-premises-release-dates
23 May 2018
Financial Reportin alias Management Reporter unavailable
If you see the following error in a dev or cloud instance of Dynamics 365 for finance and operations check if the management reporting service is running on the server.
You do not have permission to perform this action.
Work with your administrator to verify your user permissions within Financial Report Designer.
Work with your administrator to verify your user permissions within Financial Report Designer.
16 May 2018
D365 F&O - Debugging in on-premises environments
If you are facing errors in your Dynamics 365 for finance and operations on-prem environment there is currently no real debugging story available. But there is a new article from Tariq Bell on how to debug using WinDbg:
https://blogs.msdn.microsoft.com/axsa/2018/05/16/debug-a-dynamics-365-for-finance-and-operations-on-premises-instance-without-visual-studio/
At least a starting point and a really nice GUI ;)
https://blogs.msdn.microsoft.com/axsa/2018/05/16/debug-a-dynamics-365-for-finance-and-operations-on-premises-instance-without-visual-studio/
At least a starting point and a really nice GUI ;)
09 May 2018
D365 F&O Deployment to on-prem failed during download
If the deployment of Dynamics 365 for finance and operations fails after preparing phase when the asset is downloading you should check the logs. If there is a message like the one below just verify that the orchestrator nodes are online and click retry.
| MachineName | SRV-XYZ |
| Message | Unable to download asset xyzxyzxyzxyzxyzxyz |
| Detail | at
System.Environment.GetStackTrace(Exception e, Boolean needFileInfo) at
System.Environment.get_StackTrace() at
Microsoft.Dynamics.Operations.Local.LocalAgentEvents.LocalAgentEventHelpers.ErrorPrettify(LocalAgentEventSource
source, Exception ex, Int32 errorCode, String format, Object[] values) at
OrchestrationService.LcsArtifactsProvider. |
27 April 2018
D365 F&O financial reporting deployment error - event logs
AX LocalAgent:
Error 1
Error 2
Error 1
|
Message
|
Module
financialreporting failed
|
|
Detail
|
System.InvalidOperationException:
An error was encountered. Details may be found in the deployment logs at
'C:\ProgramData\Microsoft Dynamics ERP\Management Reporter\Logs'
System.AggregateException: One or more errors occurred. --->
System.TimeoutException: Operation timed out. --->
System.Runtime.InteropServices.COMException: Exception from HRESULT:
0x80071BFF at
System.Fabric.Interop.NativeClient.IFabricApplicationManagementClient10.EndProvisionApplicationType3(IFabricAsyncOperationContext
context) at
System.Fabric.Interop.Utility.<>c__DisplayClass22_0.
|
Error 2
|
Message
|
Task
OrchestrationService.DeployModulesRunnerTask,OrchestrationService failed for
command id 3f3c0269-1c9d-448f-8e89-4e9a019cb8f4
|
|
Detail
|
System.InvalidOperationException:
Unable to deploy modules at
OrchestrationService.DeployModulesRunnerTask.Run(OrchestratorRunbookResource
runbookResource, String commandId, String jobId, String runbookTaskId) at
OrchestrationService.OrchestrationJobManager.<>c__DisplayClass14_0.
|
26 April 2018
D365 F&O on-premises | deployment failed for application financial reporting alias management reporter
During our installations and code deployments into Dynamics 365 for Finance and Operations on-premises we struggled a lot with one of the last steps of the installation: The financial reporting application. We have seen different issues till now. And there are several things to check when this step fails.
- Check EventLog of primary orchestrator node for error messages in the local-agent folder.
- Install ETW-Manisfest on the orchestrator node if not already there to check the MR logs:
https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/deployment/troubleshoot-on-prem#mr - Check the userinfo table of AX DB. There must be a user called FRServiceUser
- Check if there are reports still checked out:
select * from reporting.ControlReport where CheckedOutTo is not null
-
If yes just update the following tables (on your own risk):update Reporting.ControlReport
set CheckedOutTo = null
update Reporting.ControlRowMasterset CheckedOutTo = null
update Reporting.ControlColumnMasterset CheckedOutTo = null
update Reporting.ControlTreeMasterset CheckedOutTo = null
D365 F&O | Workflow editor - Your security settings do not allow this application to be run on your computer
When opening the workflow editor from Dynamics 365 for Finance and Operations you may see an error message saying: "Your security settings do not allow this application to be run on your computer."
This is a security configuration from Windows. Check the registry settings regarding the prompting level for trusted sites and local intranet (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel). They should be enabled. If not just change them.
Than you just need to add the D365 F&O url as a trusted site in internet explorer setting. Try again and it should look like this:
This is a security configuration from Windows. Check the registry settings regarding the prompting level for trusted sites and local intranet (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel). They should be enabled. If not just change them.
Than you just need to add the D365 F&O url as a trusted site in internet explorer setting. Try again and it should look like this:
Subscribe to:
Posts (Atom)